01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d

Sharing

Copy URL

Twitter E-mail

General

Target

01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d
Size

495KB
MD5

7baa3bc20725e230c61fda6c3e070fc3
SHA1

278b4c58922f580c883deb2df493f1bc1c72282a
SHA256

01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d
SHA512

5da81269a73c09c65e8d06191615db3212d1897e46de5f63e4657c16c56b62f67ab81a0e1b7e8bc1222aab913635b5356b2c691f079f0f5f174414e1ab7cde7c
SSDEEP

6144:o7NC29GCivWCFClBi1Uo3zg5DOxI9NNiMkOSyQ7CeRa91sZeVgb5IYa:opCMGC/CFNWizg5DYINNiLrVO1C+Ya

Score

N/A

Malware Config

Signatures

Files

01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d
.dll regsvr32 windows x86

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_resetstkoflw
calloc
_purecall
_errno
_gcvt
_strlwr
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
iswalpha
iswprint
iswalnum
_vsnwprintf
iswascii
iswdigit
iswxdigit
iswlower
wcstol
iswcntrl
rand
srand
time
wcschr
_wcsicmp
strncmp
_wtoi
_snwprintf
_ui64toa
_msize
_i64toa
_ultoa
_fpclass
iswspace
wcstod
wcsncmp
_HUGE
_wcstoi64
_wcstoui64
_callnewh
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit
wcsncpy
_lock
_onexit
realloc
memcpy
memmove
??1type_info@@UAE@XZ
malloc
free
memset
_CIexp

kernel32

HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
SetFileAttributesW
CreateDirectoryW
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
GetVersionExW
GetStringTypeW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
lstrlenW
GetModuleFileNameW
FindResourceW
SizeofResource
LoadResource
GetLastError
CloseHandle
CreateEventW
SetEvent
GetVersionExA
InterlockedExchange
WideCharToMultiByte
HeapSize
lstrlenA
GetEnvironmentVariableW
Sleep
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchangeAdd
GetSystemInfo
FileTimeToSystemTime
GetLocalTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
LocalFree
LocalAlloc
SetLastError
GetSystemDirectoryW
QueueUserWorkItem
ReleaseMutex
OpenMutexW
CreateMutexW
CreateFileW
VirtualProtect
LockResource
GetProcAddress
LCMapStringW
GetProcessHeap

ole32

CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID

oleaut32

SafeArrayUnlock
SafeArrayCreateVector
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
VariantClear
VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SysAllocStringLen

user32

UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
ConvertSidToStringSidW
RegQueryValueExW
IsValidSid
MakeAbsoluteSD
SetSecurityDescriptorDacl
LookupAccountNameW
CopySid
SetSecurityDescriptorSacl
GetLengthSid
MakeSelfRelativeSD
AddAce
InitializeAcl
GetSecurityDescriptorLength
GetAce
ConvertStringSidToSidW
InitializeSecurityDescriptor
GetAclInformation
AddAccessAllowedAceEx
TraceMessage
TraceEvent
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

shlwapi

ord15
UrlApplySchemeW
UrlEscapeW
UrlCanonicalizeW
UrlGetPartW
PathAppendW
UrlCombineW

rpcrt4

MesHandleFree
MesDecodeBufferHandleCreate

ws2_32

freeaddrinfo
WSAGetLastError
getaddrinfo
WSAStartup
WSACleanup
inet_ntoa

shell32

SHGetFolderPathW

secur32

GetUserNameExW

dnsapi

DnsQuery_W
DnsFree

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46931712764c82e68e10bd426083f98

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ole32

oleaut32

user32

advapi32

shlwapi

rpcrt4

ws2_32

shell32

secur32

dnsapi

crypt32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 412KB - Virtual size: 411KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB